The COVID-19 crisis may have accelerated the number of people working from home, but it’s certainly not new, and not a temporary craze. But, how do you ensure identity security with a dispersed workforce?

By: Harpreet Mangat

Remote working, as a concept and practice, has been getting a lot of attention lately. Over the past few months, employers and employees have been scrambling to find solutions that allow work to go on in the era of self-isolation. For industries and companies who had been reticent to allow their workforce to work from home previously, this change has at times been implemented unevenly and with difficulty.

Companies scrambling to set up remote systems in an acute situation like the COVID-19 pandemic are often doing so without securing their people, devices, and systems properly. While the security risks can be managed, they’re a facet of remote workforces that need to be addressed from the outset.

Some companies are looking at the current necessity of remote work through the lens of presentism—thinking that when everything gets back to “normal,” they’ll call their employees back in office, and resume their business the way it operated previously. Based on the trends of the last 15 years, we’d caution against that notion. While you may be able to do that in the short term, both the percentage of people working from home, and the demand for employers who offer it as an option, are on the rise.

Remote working trends

Plenty of businesses were able to transition over the past few months with minimal workforce disruption because they already employed a remote workforce. Once thought of as a trendy, Silicon Valley ideal, remote working is common now.

There are a couple of really important reasons behind this. First, technology makes it possible. For many companies, basically everything is housed and supported online, making remote work possible.

The second reason is more cultural. Coming out of the 2008 financial crisis, the generation attempting to enter the workforce was wary, even skeptical of the old model of in-office work. They were generally technologically savvy, having a hard time finding employment, and had just witnessed the previous generation lose much of their retirement and savings due to circumstances out of their control. Long gone was the era of pensions and staying with a company for decades. For this generation, a better work life balance was pivotal in deciding where to work.

With this segment of the workforce now experiencing a second crisis of such huge magnitude, and a new, younger generation that’s even more technologically savvy just entering during a crisis, this desire is not likely going to change. According to Flexjobs, 80% of workers in the U.S. say they’d turn down a job that didn’t offer flexible work, with flexible schedules and remote working options cited as the most effective way to retain employees.

In other words, if you work in an industry where remote work is possible (which account for over half of jobs in the U.S., according to Global Workplace Analytics), and you don’t offer remote working options, you’d better be prepared to pay way more than your competitors if you want to attract top talent.

If you’re still reluctant to allow employees to work from home, perhaps with the skepticism that you won’t be able to tell whether they’re actually working or not, there’s plenty of research that shows remote workers are actually more productive.

All of this is to say if you’re viewing remote work through the lens of our current crisis, or something that’s a reversible trend, you’re going to be left in the dust. If you haven’t already done so, you need to start transitioning to offer employees this option. And when you do so—just as you would with new office technology—you need to make sure that you do so in a secure manner.

Security for remote workers

While most businesses rely on online connectivity for essential functions, anything connected to the internet comes with inherent risk. Remote work is no different, but the security and IT challenges are often overlooked.

At Axiad, we understand these challenges better than most. Many of our employees work remotely, and we’re happy to allow them to do so in order for us to compete for talent around the globe and retain that talent. Because of this, we have an innate understanding of the challenges of remote work identity security, which drives the development of the products we offer to help companies achieve security with a dispersed workforce.

So whether you already allow people to work from home, or are just entering the realm, here are some issues to look out for, as well as solutions.

Identity authentication for remote workers & devices

First, with workers moving out of the office, you need to be able to ensure that you can verify the identities of the workers connecting to your system, as well as the devices that they’re using to connect. You need to find solutions for identity authentication and implement them before remote workers access your system.

On the most basic level, this means implementing multi-factor authentication protocols and issuing users credentials to access your system. Realistically, because so many of us connect to work from our phones or laptops at home after hours, this is already something that you should be doing. Connectivity requires increased security, but it also needs to be efficient, user friendly, and cost- and time-effective.

Find secure emergency access solutions that don’t overburden your IT team

Workers—both in and out of office—can get locked out of devices for a variety of reasons. Users forget credentials and certificates expire, often requiring help from your IT department and periods of downtime where worker productivity suffers as they await a solution. There are two issues with how companies typically face this challenge.

First, many companies email users temporary passwords or links to temporary access. This is frequent in organizations whether their workforce is remote or not. But this is a poor solution to an extremely common issue: Emailing passwords or access opportunities circumvents multi-factor authentication methods. It’s an incredibly insecure way of managing access, and one that hackers are actively looking to exploit.

To solve this issue, Axiad provides Airlock, which allows companies to restrict access to the full system until certain directives are met. This could be reading a message from the CEO, certifying a device, security training, or updating a certificate before proceeding. In the case a user has forgotten their credentials, users recover their own credentials by accessing Axiad’s Self Help Portal, where they’re prompted to answer preset security questions before restoring access.

Because identity issuance requires a variety of solutions to ensure that your people, machines, servers, and system are all secured, and because users with varied privileges require additional certificates, IT teams often spend an inordinate amount of time manually managing a confusing certificate-issuance system.

That’s why we created One Click Issuance, which manages the issuance and lifecycle of all users credentials from a single pane. Rather than logging into multiple systems, portals, or websites and managing each credential individually, this allows users to manage all of their credentials in a single place, in a simple, streamlined manner.

The basic premise of both of the solutions is that they increase security, while reducing the need for intervention from your IT team, which can become overburdened by the needs of remote workers requiring access and solutions. Moving to a remote workforce shouldn’t force you to hire more IT professionals to deal with an increase in requests. But for many companies, that’s exactly what they do.

Managing identities for remote workforces can be secure & simplified

Many of the issues described above are overlooked by companies transitioning to remote employees, and are only addressed once there has been a significant security breach. We understand—there’s a lot to consider as you move to a new way of working, and if you aren’t aware of potential issues, how can you address them from the outset?

But they’re also essential issues, for which you have solutions. Remote work isn’t a temporary trend, and while it’s been hyper-accelerated during the COVID-19 era, it’s something sooner or later you’ll likely have to embrace to some degree.

The security of your company’s information and assets should be the first issue you address when transitioning to a remote workforce. Identity security is a major part of this equation, and one you can’t afford to overlook. But it doesn’t have to be complex or time consuming. Whether you’re just starting the process of allowing remote employees, or have been caught off guard by security needs you didn’t anticipate, Axiad is here to help ensure the process is both simple and secure.